[Grok-dev] Data modelling & security
Matthias
nitro at dr-code.org
Sun Jan 16 20:41:49 EST 2011
On 17.01.2011, 02:34, Matthias <nitro at dr-code.org> wrote:
> Alternative:
>
> Task  User  Assignment  Result
> ------------------------------------------------
> -     -     -           nothing
> x     -     -           Task, but not user
> x     x     -           Task, but not user
> x     -     x           Task, but dummy user
> -     x     -           nothing
> -     x     x           dummy task, user
> -     -     x           dummy task, dummy user
> x     x     x           Task and user
>
> Dummy objects are basically just empty "Unknown/Protected" objects.
Oops, there's a security hole in there :) The "dummy task, user" and
"dummy task, dummy user" lines are wrong. The task should not have been
retrieved since the "dueDate" attribute should not have been accessible in
the first place. So both of these lines should be changed to "nothing".
-Matthias